UbuntuUpdates.org

Package "libtar"

Name: libtar

Description:

This package is just an umbrella for a group of other packages; it has no description of its own.
Description samples from packages in group:

  • C library for manipulating tar archives (development files)
  • C library for manipulating tar archives

Latest version: 1.2.20-8.1ubuntu0.24.04.1
Release: noble (24.04)
Level: updates
Repository: universe

Other versions of "libtar" in Noble

Repository Area Version
base universe 1.2.20-8.1build1
security universe 1.2.20-8.1ubuntu0.24.04.1

Changelog

Version: 1.2.20-8.1ubuntu0.24.04.1 2025-03-31 22:07:11 UTC

  libtar (1.2.20-8.1ubuntu0.24.04.1) noble-security; urgency=medium

  * SECURITY UPDATE: Out of bounds read when header struct is 0
    - debian/patches/CVE-2021-33643_33644.patch: Ensure that sz is
    greater than 0.
    - CVE-2021-33643
    - CVE-2021-33644
  * SECURITY UPDATE: Memory leak from failing to free
    t->th_buf.gnu_longlink
    - debian/patches/CVE-2021-33645_33646.patch: fix memory leak
    - CVE-2021-33645
    - CVE-2021-33646

 -- John Breton <email address hidden> Fri, 28 Mar 2025 14:39:01 -0400

CVE-2021-33643 An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longl
CVE-2021-33644 An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longn
CVE-2021-33645 The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.
CVE-2021-33646 The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.


